Several annoying problems!


  • This topic is locked
14 replies to this topic

#1 Gjeesterphlunnie

Gjeesterphlunnie

  • Members
  • 25 posts

Posted 21 May 2011 - 10:08 AM

I have picked up and successfully combatted several viruses over the last year and I am wondering if there may be some remnants. Oftentimes when I try to run a program I will get a "wait" cursor for a few minutes followed by the program not responding and never opening. If I retry it will eventually run sometimes after 4-5 attempts. My browser redirects regardless of what site I am on or I am going to. And finally, over the last two weeks I have had 4 blue screens on startup all of which have required me to run windows repair program prior to a successful log in. Running Windows Vista 64-bit. Malwarebytes' Anti-Malware and Webroot are unsuccessful in detecting any malware.

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by Tyler at 9:52:14 on 2011-05-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6141.4252 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Tyler\AppData\Roaming\dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\MHotKey.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Users\Tyler\AppData\Roaming\Microsoft\conhost.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6UYYSNR4\dds[1].scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0908&m=dx4710-05
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0908&m=dx4710-05
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:50465
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
mWinlogon: Userinit=userinit.exe,
uWinlogon: Shell=explorer.exe,C:\Users\Tyler\AppData\Roaming\dwm.exe
uWindows: Load=C:\Users\Tyler\AppData\Local\Temp\csrss.exe
BHO: MRI_DISABLED - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [igndlm.exe] "C:\Program Files (x86)\Download Manager\DLM.exe" /windowsstart /startifwork
uRun: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [eRecoveryService]
mRun: [Trigger New Acer AlaunchX] "c:\Acer\Preload\Command\AlaunchX\AppInRun.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [conhost] C:\Users\Tyler\AppData\Roaming\Microsoft\conhost.exe
mRun: [SpySweeper] "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
StartupFolder: C:\Users\Tyler\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
StartupFolder: C:\Users\Tyler\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {191F04F3-90DE-4676-88A6-4B2324DFBD2A} = 68.87.72.134,68.87.77.134
TCP: {83D75689-2417-442C-AAC7-56F3157A53FF} = 68.87.72.130,68.87.77.130
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
mRun-x64: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [RtHDVCpl] "C:\Windows\RAVCpl64.exe"
mRun-x64: [Skytel] "C:\Windows\Skytel.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 ssfs0bbc;ssfs0bbc;C:\Windows\system32\DRIVERS\ssfs0bbc.sys --> C:\Windows\system32\DRIVERS\ssfs0bbc.sys [?]
R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-9-2 24576]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2008-12-7 3671408]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2009-2-5 1090936]
R3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
S3 netr7364;Linksys Compact Wireless-G USB Adapter Driver for Vista;C:\Windows\system32\DRIVERS\WUSB54GCx64.sys --> C:\Windows\system32\DRIVERS\WUSB54GCx64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.20\RivaTuner64.sys [2008-11-19 19952]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N;C:\Windows\system32\DRIVERS\WMP300Nv1.sys --> C:\Windows\system32\DRIVERS\WMP300Nv1.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-9-24 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-05-20 17:52:22 188928 ----a-w- C:\Users\Tyler\AppData\Roaming\dwm.exe
2011-05-20 17:49:00 335872 --sha-w- C:\Users\Tyler\AppData\Local\yda.exe
2011-05-20 17:48:59 174080 ----a-w- C:\Users\Tyler\AppData\Roaming\Microsoft\conhost.exe
2011-05-11 18:25:43 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-05-11 18:25:43 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-05-10 02:01:16 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-05-10 02:01:15 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-28 03:43:01 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-28 03:43:01 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-04-28 03:43:01 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-04-28 03:43:00 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
.
==================== Find3M ====================
.
2011-03-10 17:18:03 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-10 17:18:02 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-10 17:03:51 1162240 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-03 16:02:50 975872 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-03 15:59:37 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59:36 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59:36 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:42:03 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-03-03 13:46:31 2762240 ----a-w- C:\Windows\System32\win32k.sys
2011-03-02 16:12:21 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-02-24 16:38:07 991104 ----a-w- C:\Windows\System32\winresume.efi
2011-02-24 16:38:07 979840 ----a-w- C:\Windows\System32\winresume.exe
2011-02-24 16:37:57 1076608 ----a-w- C:\Windows\System32\winload.efi
2011-02-24 16:37:57 1063296 ----a-w- C:\Windows\System32\winload.exe
2011-02-24 16:37:53 20864 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-24 16:37:53 18816 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-24 16:37:53 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-22 14:47:08 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-22 14:13:01 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-22 13:53:33 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-22 13:53:27 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-22 13:33:12 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-22 06:50:39 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-02-22 06:46:49 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-22 06:46:34 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-02-22 06:46:20 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-02-22 06:46:19 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-02-22 06:21:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-02-22 05:56:46 479232 ----a-w- C:\Windows\System32\html.iec
2011-02-22 05:20:39 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-22 05:15:51 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-02-22 05:14:35 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-22 04:43:54 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2009-07-07 09:21:09 155255392 ----a-w- C:\Program Files (x86)\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
.
============= FINISH: 9:53:10.53 ===============


#2 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 28 May 2011 - 11:31 AM

Hi Gjeesterphlunnie, and welcome to Bleeping Computer.

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 Gjeesterphlunnie

Gjeesterphlunnie
  • Topic Starter

  • Members
  • 25 posts

Posted 29 May 2011 - 08:50 AM

MBAM
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6712

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

5/29/2011 7:00:48 AM
mbam-log-2011-05-29 (07-00-48).txt

Scan type: Quick scan
Objects scanned: 236594
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\Users\Tyler\AppData\Roaming\dwm.exe (Trojan.Downloader) -> 1604 -> Unloaded process successfully.
c:\Users\Tyler\AppData\Local\Temp\csrss.exe (Backdoor.Cycbot.Gen) -> 892 -> Unloaded process successfully.
c:\Users\Tyler\AppData\Roaming\microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> 3064 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Cycbot.Gen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Cycbot.Gen) -> Bad: (C:\Users\Tyler\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Tyler\AppData\Roaming\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Tyler\AppData\Local\Temp\csrss.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.
c:\Users\Tyler\AppData\Roaming\microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.

OTL.txt
OTL logfile created on: 5/29/2011 8:20:13 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Tyler\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.44 Gb Available Physical Memory | 74.08% Memory free
12.19 Gb Paging File | 10.51 Gb Available in Paging File | 86.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.40 Gb Total Space | 349.44 Gb Free Space | 59.59% Space Free | Partition Type: NTFS
Drive I: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.37% Space Free | Partition Type: FAT

Computer Name: TYLER-PC | User Name: Tyler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/29 06:56:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/05/03 07:55:59 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | -H-- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/01/20 10:08:06 | 006,278,520 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/01/20 10:07:50 | 001,090,936 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2008/12/14 10:29:00 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/07 22:25:50 | 003,671,408 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2008/12/07 22:25:50 | 000,181,616 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe
PRC - [2008/05/30 13:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 14:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/02/01 14:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/05/29 06:56:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2007/04/19 15:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2006/08/04 04:48:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/02 15:59:58 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/04/06 18:37:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/20 10:07:50 | 001,090,936 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/07 22:25:50 | 003,671,408 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/04/04 15:24:56 | 000,173,568 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/12 19:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 19:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/12/07 22:26:04 | 000,131,184 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2008/12/07 22:26:02 | 000,037,488 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV:64bit: - [2008/06/05 21:21:44 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/03/24 20:50:18 | 007,715,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/12/14 19:16:40 | 000,709,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2007/06/21 20:16:42 | 000,825,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WMP300Nv1.sys -- (WMP300Nv1)
DRV:64bit: - [2007/05/05 22:04:00 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/03/21 15:59:30 | 000,381,720 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/03/12 03:11:00 | 000,320,512 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WUSB54GCx64.sys -- (netr7364)
DRV:64bit: - [2006/11/08 03:19:12 | 001,513,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/11/08 03:16:56 | 000,403,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2006/11/08 03:15:50 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/08/04 04:42:48 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/06/19 01:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2008/12/08 17:16:36 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.20\RivaTuner64.sys -- (RivaTuner64)
DRV - [2008/06/11 13:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2007/04/04 15:21:16 | 000,018,216 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0908&m=dx4710-05
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0908&m=dx4710-05
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0908&m=dx4710-05
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50465

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/20 02:10:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/29 08:00:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010/02/25 12:34:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Extensions
[2010/02/25 12:34:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/29 08:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/20 02:10:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\TYLER\APPDATA\ROAMING\MOVE NETWORKS
[2009/09/03 03:00:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/03/02 19:05:47 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Tyler\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Tyler\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{432cdaa3-c0a0-11dd-aee6-001fe2581d07}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{e3bccfd4-6f6d-11df-b1f1-001fe2581d07}\Shell - "" = AutoRun
O33 - MountPoints2\{e3bccfd4-6f6d-11df-b1f1-001fe2581d07}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{fbb6b9eb-c9fd-11dd-85c1-001fe2581d07}\Shell - "" = AutoRun
O33 - MountPoints2\{fbb6b9eb-c9fd-11dd-85c1-001fe2581d07}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 08:00:59 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Local\Mozilla
[2011/05/29 08:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/05/29 06:56:07 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe
[2011/05/21 09:52:59 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Tyler\Desktop\dds.scr
[2011/05/18 23:47:55 | 000,354,816 | ---- | C] (Zygor Guides) -- C:\Users\Tyler\Desktop\ZygorGuides_Updater.exe
[2011/05/18 09:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/05/09 21:01:16 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/05/09 21:01:15 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

========== Files - Modified Within 30 Days ==========

[2011/05/29 08:03:57 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/29 08:03:57 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/29 08:03:57 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/29 08:01:00 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/05/29 08:00:57 | 000,000,914 | ---- | M] () -- C:\Users\Tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/29 08:00:56 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/29 07:48:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011/05/29 07:48:37 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 07:48:37 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 07:48:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/29 07:48:24 | 2145,570,815 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/29 07:10:22 | 000,029,823 | ---- | M] () -- C:\Users\Tyler\Desktop\Finance 2011.ods
[2011/05/29 06:56:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe
[2011/05/29 06:06:11 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/05/29 03:00:05 | 000,001,716 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_LB879DB90446449D0AF13C728967550DA.job
[2011/05/28 16:29:17 | 344,045,142 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/28 00:29:41 | 000,018,126 | ---- | M] () -- C:\Users\Tyler\AppData\Roaming\0EEE.D24
[2011/05/21 09:52:13 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Tyler\Desktop\dds.scr
[2011/05/18 23:46:55 | 000,354,816 | ---- | M] (Zygor Guides) -- C:\Users\Tyler\Desktop\ZygorGuides_Updater.exe
[2011/05/07 15:12:50 | 000,016,249 | -H-- | M] () -- C:\Users\Tyler\Desktop\Schedules.odt
[2011/04/30 14:35:51 | 000,003,068 | -H-- | M] () -- C:\Users\Tyler\Documents\Labels OOo
[2011/04/30 14:33:02 | 000,001,614 | -H-- | M] () -- C:\Users\Tyler\Documents\Labels.OOo.odb

========== Files Created - No Company Name ==========

[2011/05/29 08:01:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/29 08:00:56 | 000,000,914 | ---- | C] () -- C:\Users\Tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/29 08:00:56 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/29 08:00:56 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/29 07:10:18 | 000,029,823 | ---- | C] () -- C:\Users\Tyler\Desktop\Finance 2011.ods
[2011/05/20 12:48:59 | 000,018,126 | ---- | C] () -- C:\Users\Tyler\AppData\Roaming\0EEE.D24
[2011/05/07 14:59:19 | 000,016,249 | -H-- | C] () -- C:\Users\Tyler\Desktop\Schedules.odt
[2011/04/30 14:35:51 | 000,003,068 | -H-- | C] () -- C:\Users\Tyler\Documents\Labels OOo
[2011/04/30 14:33:02 | 000,001,614 | -H-- | C] () -- C:\Users\Tyler\Documents\Labels.OOo.odb
[2010/10/18 21:23:07 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/10/18 21:23:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/09/24 16:52:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/09/24 16:52:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/09/24 16:52:08 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/09/16 10:17:21 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/16 10:17:20 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/07/29 13:14:15 | 000,000,219 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/07/29 13:14:15 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/05/03 07:57:24 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/02/16 08:21:49 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/12/14 19:17:46 | 000,012,665 | ---- | C] () -- C:\Windows\DiabUnin.dat
[2009/12/14 13:37:22 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/12/14 13:37:22 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/12/14 13:37:22 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/12/13 22:17:42 | 000,041,074 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009/07/07 04:21:08 | 155,255,392 | ---- | C] () -- C:\Program Files (x86)\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[2009/04/27 20:41:59 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/03 10:39:49 | 000,000,091 | ---- | C] () -- C:\Windows\CIV.INI
[2009/01/21 05:42:50 | 000,000,126 | -H-- | C] () -- C:\Users\Tyler\AppData\Roaming\wklnhst.dat
[2009/01/01 18:30:27 | 000,052,864 | R--- | C] () -- C:\Windows\SysWow64\SetupWizard.exe
[2008/12/07 22:25:56 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2008/12/04 14:38:55 | 000,001,356 | -H-- | C] () -- C:\Users\Tyler\AppData\Local\d3d9caps.dat
[2008/12/04 14:37:34 | 000,001,460 | -H-- | C] () -- C:\Users\Tyler\AppData\Local\d3d9caps64.dat
[2008/12/04 12:38:02 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/12/04 08:39:21 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2008/12/02 14:37:36 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/12/02 14:31:41 | 000,009,216 | ---- | C] () -- C:\Users\Tyler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/08/01 04:27:58 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2007/03/12 13:01:30 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2007/01/02 04:12:02 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe
[2007/01/02 04:12:02 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2007/01/02 04:12:02 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2007/01/02 04:12:02 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2007/01/02 03:26:58 | 002,215,364 | ---- | C] () -- C:\Windows\SysWow64\igklg400.bin
[2007/01/02 03:26:58 | 001,971,732 | ---- | C] () -- C:\Windows\SysWow64\igklg450.bin
[2007/01/02 03:26:58 | 000,029,932 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.bin
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/02/15 21:35:45 | 000,257,000 | ---- | M] () -- C:\AnalysisLogApi.sr1
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/01/02 03:28:48 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/03/02 17:07:00 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/05/29 07:48:24 | 2145,570,815 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/05 05:59:19 | 000,000,164 | ---- | M] () -- C:\install.dat
[2007/01/02 04:21:10 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
[2010/12/04 08:20:37 | 000,001,169 | ---- | M] () -- C:\net_save.dna
[2011/05/29 07:48:19 | 2459,189,247 | -HS- | M] () -- C:\pagefile.sys
[2007/01/02 04:21:30 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2008/09/02 15:26:00 | 000,000,488 | ---- | M] () -- C:\RHDSetup.log
[2011/03/02 19:03:41 | 000,000,413 | ---- | M] () -- C:\rkill.log
[2009/02/05 06:11:31 | 000,002,077 | ---- | M] () -- C:\tracert.txt
[2008/12/02 14:52:49 | 000,000,000 | ---- | M] () -- C:\Updates.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

Extras.txt
OTL Extras logfile created on: 5/29/2011 8:20:13 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Tyler\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.44 Gb Available Physical Memory | 74.08% Memory free
12.19 Gb Paging File | 10.51 Gb Available in Paging File | 86.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.40 Gb Total Space | 349.44 Gb Free Space | 59.59% Space Free | Partition Type: NTFS
Drive I: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.37% Space Free | Partition Type: FAT

Computer Name: TYLER-PC | User Name: Tyler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 04 E4 DC 8F 5D 5C CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066B6749-7B9C-4FC4-9F1B-269C77BCFF2A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{0A9147BB-AB3F-4850-B1B4-875490B02AB6}" = rport=445 | protocol=6 | dir=out | app=system |
"{162F5FC3-5C24-4D18-8620-46C46703E9C2}" = rport=138 | protocol=17 | dir=out | app=system |
"{1D9227CD-E772-4B76-B91F-3B28FD37F1AE}" = rport=137 | protocol=17 | dir=out | app=system |
"{2D8CC7AF-FAD6-4030-B6C2-2A017355E22D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{3F82D609-287E-48DD-A903-5FB5CD1A673D}" = lport=445 | protocol=6 | dir=in | app=system |
"{6A99728B-84F5-4B79-B94E-FC0ADF5E91AB}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{6D4D1F39-1E8B-4478-B000-758026E8F4E1}" = lport=138 | protocol=17 | dir=in | app=system |
"{7BB0C602-4A2B-4C59-A713-240DEEB54805}" = lport=139 | protocol=6 | dir=in | app=system |
"{7C9C9105-B9D3-4C33-B309-A6D07FAAF714}" = lport=137 | protocol=17 | dir=in | app=system |
"{C594BFDE-0C12-4D79-9EA1-69BE68337609}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |
"{EB4BECCF-59A2-4413-A822-82681C85FF6F}" = rport=139 | protocol=6 | dir=out | app=system |
"{FA256C68-ADDE-4B1D-B216-2F6808960035}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0041E8CA-19A7-41B2-B0C4-180967B97D50}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{065A494C-A391-49F7-8DBC-542C5E771069}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{133F8952-9D2D-459C-954A-CF924735F941}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{1D2664EE-0FED-40F7-AA4C-F0DF0533EF5E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{27C0695E-FACC-4589-8B12-AE6EEF5AFB48}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2A4BB812-37FB-44A7-90AC-4203A9D5DB56}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo\diablo.exe |
"{2E988A3B-A7AC-4AAF-8407-534DA1E78C3C}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{32EC9034-05F4-4880-8B30-4DA0E6A134DC}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{3943B931-41DA-4E06-BE26-CB1E0DA64660}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3F9719B2-C77F-483B-9B16-1B6AC1FB427A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{451AD330-38FA-4F5C-88C9-8D0595F1CD48}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{51B40B28-E956-4270-A594-C78EB8A5611E}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{57192A46-DB9B-47F2-B86E-CBDB254A524B}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{63602B13-615D-4A2A-8D22-9B01407477B4}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{69364997-62CC-47BE-8B08-818930CE0567}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\diablo ii.exe |
"{6A99192E-FABD-4E9D-99DE-2667D89B2C99}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{76D09242-A3EA-4D31-8409-FC7836FE469B}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo\diablo.exe |
"{894FD609-7CEC-445A-BB32-3F634C74B7FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{8B33096B-528D-4DF5-8B5B-9CC71A447148}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{8D0AE6F5-A769-47F2-8C73-DD98FEEA29EA}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{8F109937-E062-46C1-80D4-F06AE67278E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{90A73899-121A-4CEB-BBED-C3CB753779D0}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{9B26D1BF-D0EE-4072-8DD4-A45FB59DA649}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AEB525E8-99B5-4BFA-A115-8BA3ECA8366E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AF38C9E0-5765-43A4-964D-7E9681F19B90}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{B289248C-DEB3-482B-8949-93E99404F96C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{B73B3467-FDAE-4792-AF03-59683D1634F8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{C024AA98-FCD5-4373-80F7-911C673B5DA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{C5F97871-8D5F-4024-88DF-F1D0F89A4C7C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{C6CD9F56-51C1-44AF-8847-C32C54B75C25}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C9A358ED-6785-4BFB-AC89-CB4FBBD8F7D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{CB0C9610-D68A-4A85-9480-AC99A3034360}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CD18DDD1-40FB-4A27-B14C-A2FC3458903A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DC491DD7-4379-4ECE-9780-2D607AF14853}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{E5CFA02E-F8E4-479B-A957-1E25D1102701}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{EF4C0B9F-1DBC-4876-94B1-E2274AFF4373}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe |
"{F1AB1A53-54C2-4015-969C-CD914E720021}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{F1E228C8-DC95-4A21-97B7-480373D6512C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe |
"{F9225CA4-67A9-4868-B2C2-0E6172B6C72F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{FB4D41FC-CDA6-4207-8EFF-637FC7D22408}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{FEE48F20-5B2D-4925-952B-D07B88CACF65}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\diablo ii.exe |
"TCP Query User{05587581-4A36-4C44-B3EA-E7AABD341DCD}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe |
"TCP Query User{39FEF9E6-4151-43BE-89FB-96BA91DF09B3}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe |
"TCP Query User{4288CD9F-0B53-40A6-A5B5-63011DBD124B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{4A53B4E4-C409-4544-ADB1-CA09ECC842F6}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{6309B586-B903-44D0-AB03-E910519F95EF}C:\program files (x86)\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe |
"TCP Query User{67BBC2E7-6A36-497E-B8B2-F792694A44C2}C:\users\tyler\appdata\local\temp\blizzard launcher temporary - c1a37690\launcher.exe" = protocol=6 | dir=in | app=c:\users\tyler\appdata\local\temp\blizzard launcher temporary - c1a37690\launcher.exe |
"TCP Query User{76FFD695-C7CB-4B47-A0EC-AB1081F7C82D}C:\users\tyler\appdata\local\temp\blizzard launcher temporary - 3003eda8\launcher.exe" = protocol=6 | dir=in | app=c:\users\tyler\appdata\local\temp\blizzard launcher temporary - 3003eda8\launcher.exe |
"TCP Query User{B3D470A0-7E13-44EA-9E18-4A2E6EC5DA65}C:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"TCP Query User{C54383D5-9AE4-47A5-B5C5-E7D23FE9AEB2}C:\users\tyler\appdata\local\temp\blizzard launcher temporary - 58bd9e90\launcher.exe" = protocol=6 | dir=in | app=c:\users\tyler\appdata\local\temp\blizzard launcher temporary - 58bd9e90\launcher.exe |
"UDP Query User{1E4EC8B9-C2BD-471C-88FA-227BAF959504}C:\users\tyler\appdata\local\temp\blizzard launcher temporary - 3003eda8\launcher.exe" = protocol=17 | dir=in | app=c:\users\tyler\appdata\local\temp\blizzard launcher temporary - 3003eda8\launcher.exe |
"UDP Query User{4D6B816E-7D0C-447F-8F82-76FEE3C19A3C}C:\users\tyler\appdata\local\temp\blizzard launcher temporary - 58bd9e90\launcher.exe" = protocol=17 | dir=in | app=c:\users\tyler\appdata\local\temp\blizzard launcher temporary - 58bd9e90\launcher.exe |
"UDP Query User{78C9F5F4-F51E-46F2-A336-41FA0885E598}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe |
"UDP Query User{96F57383-3CB5-443D-8E63-5A99D6444B3B}C:\program files (x86)\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe |
"UDP Query User{A30014AB-0C85-4120-A700-23A61FB9D637}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{A8E3775B-0974-4F08-8FF8-FDEE43D73BEE}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe |
"UDP Query User{BF54AA63-E0F7-4470-A22B-6FB93EF1D9FE}C:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"UDP Query User{D6F19EAD-F4FB-4AA0-BBB6-C9A81165B1D0}C:\users\tyler\appdata\local\temp\blizzard launcher temporary - c1a37690\launcher.exe" = protocol=17 | dir=in | app=c:\users\tyler\appdata\local\temp\blizzard launcher temporary - c1a37690\launcher.exe |
"UDP Query User{F78C8D09-AA9D-407E-9BAF-B237B4D32D34}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{090A4D4C-24B2-4248-BFF2-AC30D2E0676B}" = Marvell® Wireless Card Software Package
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"MediaInfo" = MediaInfo 0.7.35
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CA14F11-6F47-4613-8E40-6AC088E464A0}" = Cisco Network Magic
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1898B8E5-43E2-4BCA-AD6A-B9FBE0C93F84}" = Heroes of Might and Magic V Collector Edition
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3B1A4366-8DFA-4582-91F6-27F7A4714FCC}" = Pure Networks Platform
"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{653BB2E2-267F-4AB3-9B56-2BF76922B041}" = Petz Sports
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Webroot AntiVirus with AntiSpyware
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{AA20E409-BDB4-439B-B75B-D5B193546779}" = Linksys Wireless-N PCI Adapter WMP300N Driver - WMP300Nv1.1
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{D49C6912-FE0E-467B-89A6-A6E08B809C20}" = Heroes of Might & Magic V: Hammers of Fate
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATMA V" = ATMA V 5.05
"Audacity_is1" = Audacity 1.2.6
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Diablo" = Diablo
"Diablo II" = Diablo II
"Download Manager" = Download Manager 2.3.10
"Hellfire_is1" = Hellfire
"Heroes II Gold" = Heroes II Gold
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"King's Quest 1 VGA" = King's Quest 1 VGA
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire 5.4.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Network MagicUninstall" = Network Magic
"PlugY, The Survival Kit" = PlugY, The Survival Kit
"RealPlayer 12.0" = RealPlayer
"RivaTuner" = RivaTuner v2.20
"Smart Copy" = Smart Copy 3.1.1.1
"Steam App 22300" = Fallout 3
"Steam App 23310" = The Last Remnant
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"WildTangent gateway Master Uninstall" = Gateway Games
"WinGimp-2.0_is1" = GIMP 2.6.6
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo" = Diablo
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2011 5:23:51 AM | Computer Name = Tyler-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 4/14/2011 3:30:35 PM | Computer Name = Tyler-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 4/14/2011 4:13:17 PM | Computer Name = Tyler-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/14/2011 5:31:55 PM | Computer Name = Tyler-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 4/15/2011 5:24:22 AM | Computer Name = Tyler-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 4/15/2011 7:36:02 AM | Computer Name = Tyler-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 4/15/2011 10:27:43 AM | Computer Name = Tyler-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 4/15/2011 3:31:05 PM | Computer Name = Tyler-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 4/15/2011 4:13:31 PM | Computer Name = Tyler-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/15/2011 4:32:25 PM | Computer Name = Tyler-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 5/28/2011 7:46:56 AM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/28/2011 5:29:45 PM | Computer Name = Tyler-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:11:32 PM on 5/28/2011 was unexpected.

Error - 5/28/2011 5:30:33 PM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/29/2011 7:05:25 AM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/29/2011 8:05:13 AM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/29/2011 8:21:33 AM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/29/2011 8:48:40 AM | Computer Name = Tyler-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 5/29/2011 8:49:18 AM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/29/2011 9:00:58 AM | Computer Name = Tyler-PC | Source = DCOM | ID = 10000
Description =

Error - 5/29/2011 9:15:43 AM | Computer Name = Tyler-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.101
with the system having network hardware address 00-1E-E5-E3-D0-60. Network operations
on this system may be disrupted as a result.


< End of report >


Boy, that was a big one...

#4 Gjeesterphlunnie

  • Topic Starter

Posted 29 May 2011 - 08:52 AM

BTW: When I ran Mbam, I lost several files that were saved to my desktop. Nothing critical, but some pretty important.

#5 snemelk

  • Malware Response Team

Posted 29 May 2011 - 12:39 PM

Hi again Gjeesterphlunnie!!.. :)

Gjeesterphlunnie, on 29 May 2011 - 08:52 AM, said:

BTW: When I ran Mbam, I lost several files that were saved to my desktop. Nothing critical, but some pretty important.

That's very strange - I've never heard of similar issues with MBAM... :huh: Are you sure these files were deleted during the scan with MBAM (there is no sign of it in the log)??.. These were files of what type (.doc files, .exe files or what)??.. If I know the details, I can contact the MBAM developers and let them know about the possible issue...

I do not see active malware in the logs - run the script below to remove some leftovers...
Ok, please do the following:

Firstly,
You do have Zynga Toolbar installed (a Conduit "Community Toolbar") - it modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.
I recommend you uninstall it... If you decide, use: Start -> Control Panel -> Programs and Features...

Secondly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50465
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKCU..\Run: [WMPNSCFG] File not found
    O33 - MountPoints2\{432cdaa3-c0a0-11dd-aee6-001fe2581d07}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
    [2011/03/02 17:07:00 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Thirdly,
  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#6 Gjeesterphlunnie

  • Topic Starter

Posted 29 May 2011 - 05:14 PM

Gjeesterphlunnie, on 29 May 2011 - 08:52 AM, said:

BTW: When I ran Mbam, I lost several files that were saved to my desktop. Nothing critical, but some pretty important.


That's very strange - I've never heard of similar issues with MBAM... Are you sure these files were deleted during the scan with MBAM (there is no sign of it in the log)??.. These were files of what type (.doc files, .exe files or what)??.. If I know the details, I can contact the MBAM developers and let them know about the possible issue...


Well, I did a simple windows search for some of the files and found them... not sure if it was MBAM or one of my BSOD freezes that moved them...





OTL
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{432cdaa3-c0a0-11dd-aee6-001fe2581d07}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{432cdaa3-c0a0-11dd-aee6-001fe2581d07}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe not found.
File C:\fsqwr.bmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Public

User: Tyler
->Temp folder emptied: 99840 bytes
->Temporary Internet Files folder emptied: 8296995 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 252603464 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 200592307 bytes

Total Files Cleaned = 440.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Public

User: Tyler
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05292011_150715

Files\Folders moved on Reboot...
File\Folder C:\Users\Tyler\AppData\Local\Temp\~DFD005.tmp not found!
File\Folder C:\Users\Tyler\AppData\Local\Temp\~DFD016.tmp not found!
File\Folder C:\Users\Tyler\AppData\Local\Temp\~DFD072.tmp not found!
File\Folder C:\Users\Tyler\AppData\Local\Temp\~DFD083.tmp not found!
File\Folder C:\Users\Tyler\AppData\Local\Temp\~DFD0D9.tmp not found!
File\Folder C:\Users\Tyler\AppData\Local\Temp\~DFD0EB.tmp not found!
C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GMW0MF6\page__p__2257203__fromsearch__1[1].htm moved successfully.
C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\Windows\temp\wrstemp\SSMSEA8B7A53-99F0-4414-83A8-7CFD60CB2026.tmp not found!
File\Folder C:\Windows\temp\wrstemp\SSMSEDEDD1C1-D533-4016-A5BE-8699AD17CEE0.tmp not found!
File\Folder C:\Windows\temp\wrstemp\SSMSF7690A54-F5B0-41B4-AD2F-9D77015E838F.tmp not found!
File\Folder C:\Windows\temp\wrstemp\SSMSF82BA74E-1B67-41BD-94CB-F1927EEAFEEE.tmp not found!
File\Folder C:\Windows\temp\wrstemp\SSMSF8B28B2E-137A-439A-9E07-A3A2F6EB898A.tmp not found!
File\Folder C:\Windows\temp\wrstemp\SSMSFAAF25EE-5B7D-40FC-8792-F1473E978B0C.tmp not found!
File\Folder C:\Windows\temp\wrstemp\SSMSFC6CA964-99BE-4EB4-B0A1-916293D0C8F1.tmp not found!
File\Folder C:\Windows\temp\wrstemp\SSMSFF4C7301-E11D-44CF-ABAF-4257BC612737.tmp not found!

Registry entries deleted on Reboot...

TDSSKiller
2011/05/29 17:05:55.0206 4436 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/29 17:05:55.0596 4436 ================================================================================
2011/05/29 17:05:55.0596 4436 SystemInfo:
2011/05/29 17:05:55.0596 4436
2011/05/29 17:05:55.0596 4436 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/29 17:05:55.0596 4436 Product type: Workstation
2011/05/29 17:05:55.0596 4436 ComputerName: TYLER-PC
2011/05/29 17:05:55.0596 4436 UserName: Tyler
2011/05/29 17:05:55.0596 4436 Windows directory: C:\Windows
2011/05/29 17:05:55.0596 4436 System windows directory: C:\Windows
2011/05/29 17:05:55.0596 4436 Running under WOW64
2011/05/29 17:05:55.0596 4436 Processor architecture: Intel x64
2011/05/29 17:05:55.0596 4436 Number of processors: 4
2011/05/29 17:05:55.0596 4436 Page size: 0x1000
2011/05/29 17:05:55.0596 4436 Boot type: Normal boot
2011/05/29 17:05:55.0596 4436 ================================================================================
2011/05/29 17:05:56.0158 4436 Initialize success
2011/05/29 17:06:11.0976 5064 ================================================================================
2011/05/29 17:06:11.0976 5064 Scan started
2011/05/29 17:06:11.0976 5064 Mode: Manual;
2011/05/29 17:06:11.0976 5064 ================================================================================
2011/05/29 17:06:43.0036 5064 ================================================================================
2011/05/29 17:06:43.0036 5064 Scan finished
2011/05/29 17:06:43.0036 5064 ================================================================================
2011/05/29 17:06:43.0051 4304 Detected object count: 0
2011/05/29 17:06:43.0051 4304 Actual detected object count: 0
2011/05/29 17:06:56.0499 3672 Deinitialize success

#7 snemelk

  • Malware Response Team
Posted 30 May 2011 - 06:08 AM

Hi again Gjeesterphlunnie!!.. :)

Logs look ok - tell me what problem remains...

Please do the following:

Firstly,
We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here (uninstall version 8.2 first):
Adobe Reader X

Note: I suggest you uncheck any optional third-party download (e.g. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

- Java

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java™ 6 Update 13
Java™ 6 Update 5
Java™ 6 Update 7


Then,
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says Java Platform, Standard Edition / "Java SE 6 Update 25".
  • Click the "Download JRE" button to the right.
  • In the Window that opens, check the box that says: "Accept License Agreement".
  • Click on the link: jre-6u25-windows-i586.exe to download an offline installer for Windows x86. Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your Desktop double-click on the file that you've downloaded to install the newest version.

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).


Secondly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Thirdly,
Run a fresh scan with OTL.exe (--> Run Scan). Only the OTL.txt report will be generated; post the contents of it in your next reply...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#8 Gjeesterphlunnie

  • Topic Starter


Posted 30 May 2011 - 03:29 PM

Well, it seems that most of the problems are fixed. It still takes an unusual length of time to load programs after I open them... I ran ESET and after over an hour it finished after finding no threats; however, after I ran OTL I could not find the ESET log. I can re-run it if you suggest.

OTL logfile created on: 5/30/2011 12:55:03 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Tyler\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 49.16% Memory free
12.19 Gb Paging File | 8.84 Gb Available in Paging File | 72.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.40 Gb Total Space | 337.66 Gb Free Space | 57.58% Space Free | Partition Type: NTFS

Computer Name: TYLER-PC | User Name: Tyler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/29 06:56:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe
PRC - [2011/05/18 09:29:45 | 009,691,288 | ---- | M] (Blizzard Entertainment) -- C:\Users\Public\Games\World of Warcraft\Wow.exe
PRC - [2010/11/22 06:12:26 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2010/05/03 07:56:01 | 000,488,968 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2010/05/03 07:55:59 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | -H-- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/01/20 10:08:06 | 006,278,520 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/01/20 10:07:50 | 001,090,936 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2008/12/14 10:29:00 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/07 22:25:50 | 003,671,408 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2008/12/07 22:25:50 | 000,181,616 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe
PRC - [2008/05/30 13:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 14:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/02/01 14:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/05/29 06:56:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2007/04/19 15:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2006/08/04 04:48:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/02 15:59:58 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/04/06 18:37:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/20 10:07:50 | 001,090,936 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/07 22:25:50 | 003,671,408 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/04/04 15:24:56 | 000,173,568 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/12 19:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 19:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/12/07 22:26:04 | 000,131,184 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2008/12/07 22:26:02 | 000,037,488 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV:64bit: - [2008/06/05 21:21:44 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/03/24 20:50:18 | 007,715,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/12/14 19:16:40 | 000,709,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2007/06/21 20:16:42 | 000,825,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WMP300Nv1.sys -- (WMP300Nv1)
DRV:64bit: - [2007/05/05 22:04:00 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/03/21 15:59:30 | 000,381,720 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/03/12 03:11:00 | 000,320,512 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WUSB54GCx64.sys -- (netr7364)
DRV:64bit: - [2006/11/08 03:19:12 | 001,513,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/11/08 03:16:56 | 000,403,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2006/11/08 03:15:50 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/08/04 04:42:48 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/06/19 01:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2008/12/08 17:16:36 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.20\RivaTuner64.sys -- (RivaTuner64)
DRV - [2008/06/11 13:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2007/04/04 15:21:16 | 000,018,216 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0908&m=dx4710-05
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0908&m=dx4710-05

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0908&m=dx4710-05
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/20 02:10:07 | 000,000,000 | ---D | M]

[2010/02/25 12:34:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Extensions
[2010/02/25 12:34:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/30 09:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/30 08:59:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/03/02 19:05:47 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files (x86)\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Tyler\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Tyler\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e3bccfd4-6f6d-11df-b1f1-001fe2581d07}\Shell - "" = AutoRun
O33 - MountPoints2\{e3bccfd4-6f6d-11df-b1f1-001fe2581d07}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{fbb6b9eb-c9fd-11dd-85c1-001fe2581d07}\Shell - "" = AutoRun
O33 - MountPoints2\{fbb6b9eb-c9fd-11dd-85c1-001fe2581d07}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 11:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/05/30 11:14:13 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/30 11:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2011/05/30 11:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2011/05/30 09:28:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/30 09:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/05/30 09:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/05/30 09:06:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/05/30 09:06:17 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/05/30 09:06:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/05/30 09:06:17 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/05/30 09:06:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/05/30 09:06:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/05/30 09:06:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/05/30 09:06:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/05/30 09:06:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/05/30 09:06:16 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/05/30 09:06:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/05/30 09:06:16 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/05/30 09:06:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/05/30 09:06:16 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/05/30 09:06:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/05/30 09:06:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/05/30 09:06:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/05/30 09:06:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/05/30 09:06:16 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/05/30 09:06:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/05/30 09:06:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/05/30 09:06:15 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/05/30 09:06:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/05/30 09:06:15 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/05/30 09:06:15 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/05/30 09:06:15 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/05/30 09:06:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/05/30 09:06:15 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/05/30 09:06:15 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/05/30 09:06:15 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/05/30 09:06:14 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/05/30 09:06:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/05/30 09:06:14 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/05/30 09:06:14 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/05/30 09:06:14 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2011/05/30 09:06:14 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/05/30 09:06:14 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/05/30 09:06:14 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/05/30 09:06:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/05/30 09:06:13 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/05/30 09:06:12 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/05/30 09:06:12 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/05/30 09:06:12 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/05/30 09:06:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/05/30 09:06:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/05/30 09:06:12 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/05/30 09:06:12 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2011/05/30 09:06:12 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/05/30 09:06:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/05/30 09:06:12 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/05/30 09:06:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/05/30 09:06:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/05/30 09:06:10 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/05/30 09:06:09 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/05/30 09:06:09 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/05/30 09:06:09 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/05/30 09:06:09 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/05/30 09:06:09 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/05/30 09:06:09 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/05/30 09:06:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/05/30 09:06:09 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/05/30 09:06:09 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/05/30 09:06:09 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/05/30 09:06:09 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/05/30 09:06:09 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/05/30 09:06:09 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/05/30 09:06:09 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/05/30 09:06:09 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/05/30 09:06:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/05/30 09:06:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/05/30 09:06:08 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/05/30 09:06:08 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/05/30 09:06:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/05/30 09:06:08 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/05/30 09:06:08 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/05/30 09:06:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/05/30 09:06:08 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/05/30 09:06:08 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/05/30 09:06:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/05/30 09:06:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/05/30 09:05:33 | 000,000,000 | ---D | C] -- C:\Users\Tyler\Desktop\Andrew
[2011/05/30 08:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/30 08:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/05/30 08:59:15 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/05/30 08:59:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/05/30 08:59:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/05/30 08:59:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/05/29 12:45:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/29 08:00:59 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Local\Mozilla
[2011/05/29 08:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/05/29 06:56:07 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe
[2011/05/25 07:10:16 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tyler\Desktop\TDSSKiller.exe
[2011/05/21 09:52:59 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Tyler\Desktop\dds.scr
[2011/05/18 23:47:55 | 000,354,816 | ---- | C] (Zygor Guides) -- C:\Users\Tyler\Desktop\ZygorGuides_Updater.exe
[2011/05/18 09:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/05/09 21:01:16 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/05/09 21:01:15 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

========== Files - Modified Within 30 Days ==========

[2011/05/30 12:08:20 | 000,000,789 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/05/30 11:32:29 | 000,368,505 | ---- | M] () -- C:\Users\Tyler\Desktop\MiniToolBox.exe
[2011/05/30 11:14:13 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/30 11:11:14 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/30 11:11:14 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/30 11:11:14 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/30 11:04:13 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 11:04:10 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 11:04:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011/05/30 11:03:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/30 11:03:26 | 2145,570,815 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/30 09:09:20 | 000,000,975 | ---- | M] () -- C:\Users\Tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 09:06:33 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2011/05/30 09:06:33 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2011/05/30 09:06:33 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2011/05/30 09:06:33 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2011/05/30 09:06:17 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/05/30 09:06:17 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/05/30 09:06:17 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/05/30 09:06:17 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/05/30 09:06:17 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/05/30 09:06:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/05/30 09:06:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/05/30 09:06:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/05/30 09:06:16 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/05/30 09:06:16 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/05/30 09:06:16 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/05/30 09:06:16 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/05/30 09:06:16 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/05/30 09:06:16 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/05/30 09:06:16 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/05/30 09:06:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/05/30 09:06:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/05/30 09:06:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/05/30 09:06:16 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/05/30 09:06:16 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/05/30 09:06:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/05/30 09:06:16 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/05/30 09:06:15 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/05/30 09:06:15 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/05/30 09:06:15 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/05/30 09:06:15 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/05/30 09:06:15 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/05/30 09:06:15 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/05/30 09:06:15 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/05/30 09:06:15 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/05/30 09:06:15 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/05/30 09:06:14 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/05/30 09:06:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/05/30 09:06:14 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/05/30 09:06:14 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/05/30 09:06:14 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2011/05/30 09:06:14 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/05/30 09:06:14 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/05/30 09:06:14 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/05/30 09:06:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/05/30 09:06:13 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/05/30 09:06:12 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/05/30 09:06:12 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/05/30 09:06:12 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/05/30 09:06:12 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/05/30 09:06:12 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/05/30 09:06:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/05/30 09:06:12 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2011/05/30 09:06:12 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/05/30 09:06:12 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/05/30 09:06:12 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/05/30 09:06:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/05/30 09:06:12 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/05/30 09:06:10 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/05/30 09:06:09 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/05/30 09:06:09 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/05/30 09:06:09 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/05/30 09:06:09 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/05/30 09:06:09 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/05/30 09:06:09 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/05/30 09:06:09 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/05/30 09:06:09 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/05/30 09:06:09 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/05/30 09:06:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/05/30 09:06:09 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/05/30 09:06:09 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/05/30 09:06:09 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/05/30 09:06:09 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/05/30 09:06:09 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/05/30 09:06:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/05/30 09:06:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/05/30 09:06:09 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/05/30 09:06:08 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/05/30 09:06:08 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/05/30 09:06:08 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/05/30 09:06:08 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/05/30 09:06:08 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/05/30 09:06:08 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/05/30 09:06:08 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/05/30 09:06:08 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/05/30 09:06:08 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/05/30 09:06:08 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/05/30 08:59:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/05/30 08:59:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/05/30 08:59:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/05/30 08:59:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/05/30 03:00:23 | 000,001,716 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_LB879DB90446449D0AF13C728967550DA.job
[2011/05/29 12:54:20 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tyler\Desktop\TDSSKiller.exe
[2011/05/29 08:01:00 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/05/29 07:10:22 | 000,029,823 | ---- | M] () -- C:\Users\Tyler\Desktop\Finance 2011.ods
[2011/05/29 06:56:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe
[2011/05/28 16:29:17 | 344,045,142 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/28 00:29:41 | 000,018,126 | ---- | M] () -- C:\Users\Tyler\AppData\Roaming\0EEE.D24
[2011/05/21 09:52:13 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Tyler\Desktop\dds.scr
[2011/05/18 23:46:55 | 000,354,816 | ---- | M] (Zygor Guides) -- C:\Users\Tyler\Desktop\ZygorGuides_Updater.exe
[2011/05/07 15:12:50 | 000,016,249 | -H-- | M] () -- C:\Users\Tyler\Desktop\Schedules.odt
[2011/04/30 14:35:51 | 000,003,068 | -H-- | M] () -- C:\Users\Tyler\Documents\Labels OOo
[2011/04/30 14:33:02 | 000,001,614 | -H-- | M] () -- C:\Users\Tyler\Documents\Labels.OOo.odb

========== Files Created - No Company Name ==========

[2011/05/30 11:32:27 | 000,368,505 | ---- | C] () -- C:\Users\Tyler\Desktop\MiniToolBox.exe
[2011/05/30 09:16:40 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/30 09:06:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/05/30 09:06:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/05/29 08:01:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/29 07:10:18 | 000,029,823 | ---- | C] () -- C:\Users\Tyler\Desktop\Finance 2011.ods
[2011/05/20 12:48:59 | 000,018,126 | ---- | C] () -- C:\Users\Tyler\AppData\Roaming\0EEE.D24
[2011/05/07 14:59:19 | 000,016,249 | -H-- | C] () -- C:\Users\Tyler\Desktop\Schedules.odt
[2011/04/30 14:35:51 | 000,003,068 | -H-- | C] () -- C:\Users\Tyler\Documents\Labels OOo
[2011/04/30 14:33:02 | 000,001,614 | -H-- | C] () -- C:\Users\Tyler\Documents\Labels.OOo.odb
[2010/10/18 21:23:07 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/10/18 21:23:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/09/24 16:52:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/09/24 16:52:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/09/24 16:52:08 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/09/16 10:17:21 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/16 10:17:20 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/07/29 13:14:15 | 000,000,219 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/07/29 13:14:15 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/05/03 07:57:24 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/02/16 08:21:49 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/12/14 19:17:46 | 000,012,665 | ---- | C] () -- C:\Windows\DiabUnin.dat
[2009/12/14 13:37:22 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/12/14 13:37:22 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/12/14 13:37:22 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/12/13 22:17:42 | 000,041,074 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009/07/07 04:21:08 | 155,255,392 | ---- | C] () -- C:\Program Files (x86)\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[2009/04/27 20:41:59 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/03 10:39:49 | 000,000,091 | ---- | C] () -- C:\Windows\CIV.INI
[2009/01/21 05:42:50 | 000,000,126 | -H-- | C] () -- C:\Users\Tyler\AppData\Roaming\wklnhst.dat
[2009/01/01 18:30:27 | 000,052,864 | R--- | C] () -- C:\Windows\SysWow64\SetupWizard.exe
[2008/12/07 22:25:56 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2008/12/04 14:38:55 | 000,001,356 | -H-- | C] () -- C:\Users\Tyler\AppData\Local\d3d9caps.dat
[2008/12/04 14:37:34 | 000,001,460 | -H-- | C] () -- C:\Users\Tyler\AppData\Local\d3d9caps64.dat
[2008/12/04 12:38:02 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/12/04 08:39:21 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2008/12/02 14:37:36 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/12/02 14:31:41 | 000,009,216 | ---- | C] () -- C:\Users\Tyler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/08/01 04:27:58 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2007/03/12 13:01:30 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2007/01/02 04:12:02 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe
[2007/01/02 04:12:02 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2007/01/02 04:12:02 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2007/01/02 04:12:02 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2007/01/02 03:26:58 | 002,215,364 | ---- | C] () -- C:\Windows\SysWow64\igklg400.bin
[2007/01/02 03:26:58 | 001,971,732 | ---- | C] () -- C:\Windows\SysWow64\igklg450.bin
[2007/01/02 03:26:58 | 000,029,932 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.bin
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >

#9 snemelk

    inżynier

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 30 May 2011 - 04:54 PM

Hi again Gjeesterphlunnie!!.. :)

Ok, thanks for the update!!.. No need to show the ESET log, since no threats were found...

> It still takes an unusual length of time to load programs after I open them...

Hmmm, has it been happening for a few days, was it always like that, or did it start occurring only after installing a program of some sort??..

With such issues, the most common source of the problem is a security program, in your case: Webroot AntiVirus with AntiSpyware - please disable all of its shields and check if the problem remains (refer to this topic: How to disable your security applications)...

You can also check if the issue persists in Safe Mode as well...

Let me know how it goes...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#10 Gjeesterphlunnie

  • Topic Starter
  • Members
  • 25 posts

Posted 04 June 2011 - 03:42 PM

Ok, everything has been running like clockwork for the last few days thanks to you!

However, things have started slowing again especially when I open my task manager it gets really laggy and I have a TON of svchost.exe programs running one of which runs at over 600,000k... is this normal?

#11 snemelk


Posted 05 June 2011 - 10:48 AM

Hi again Gjeesterphlunnie!!.. :)

> Ok, everything has been running like clockwork for the last few days thanks to you!

Glad to see it!!.. :)

> However, things have started slowing again especially when I open my task manager it gets really laggy and I have a TON of svchost.exe programs running one of which runs at over 600,000k... is this normal?

A "ton" of svchost.exe processes is a normal thing, but such memory usage by one of them is a bit odd...

Please check this:

1. Launch Task Manager by right-clicking the taskbar and then clicking Task Manager.
2. Make sure that processes from all users are shown - in most cases, you'll need to click the button labeled: "Show processes from all users", and confirm the UAC prompt...
3. Observe the CPU usage - write down the name of the process which takes most of the CPU...
4. If this is one of the svchost.exe processes, right-click on it, and choose: Go to Services ... Services associated with that svchost.exe process will be highlighted... Write down the names of all highlighted Services...

Please post for me the name of the process taking most of the CPU or the names of the Services associated with the svchost.exe process (taking most of the CPU)...


#12 Gjeesterphlunnie


Posted 05 June 2011 - 06:14 PM

The biggest CPU hog was an svchost.exe with the following services:
wudfsvc
WPDBusEnum
Wlansvc
WdiSystemHost
UxSms
TrkWks
TabletInputService
SysMain
PcaSvs
Netman
hidserv
EMDMgmt
AudioEndpointBuilder

Thanks again for all your help!!

#13 snemelk


Posted 06 June 2011 - 05:12 AM

Hi again Gjeesterphlunnie!!.. :)

On my system (also Vista SP2 64bit), the svchost.exe process running the same Services uses around 130MB of memory (RAM)...

Ok, please do the following:

Firstly,
Run Windows Update --> Start --> All programs --> Windows Update, install all critical updates, install all recommended (optional) updates as well (this includes Internet Explorer 9.0)... You'll probably be asked to reboot (if not, do it manually)...
After a reboot, check if the problem still remains...

If yes:
I suggest disabling unneeded Services... According to this list: Black Viper’s Windows Vista Service Pack 2 Service Configurations, these two Services can be safely disabled:
Tablet PC Input Service
Distributed Link Tracking Client

Open services.msc (for help with that see: Vista: How do I change the Automatic/Manual/Disabled function?), and set the startup type of these two Services to disabled:

- Tablet PC Input Service (TabletInputService)
- Distributed Link Tracking Client (TrkWks)

Reboot and let me know if the problem remains...

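The Task Manager check from post #11 and the service change from post #13 can also be done from the command line. The PowerShell below is an added example, not part of the original posts; it assumes an elevated Windows PowerShell 2.0 or later session, and the backup file path is a hypothetical name.

```powershell
# Added example, not from the thread. Run from an elevated Windows PowerShell
# prompt (2.0 or later). Without elevation, CommandLine comes back empty for
# processes owned by other accounts, which is the same limitation Task Manager
# has until "Show processes from all users" is clicked.

# 1. Group running services by the PID of the process that hosts them.
$servicesByPid = Get-WmiObject -Class Win32_Service -Filter "State = 'Running'" |
    Group-Object -Property ProcessId

# 2. Build one row per svchost.exe instance: memory, cumulative CPU time and
#    the services it hosts (the command-line view of "Go to Services").
$report = Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $proc  = $_
        $group = $servicesByPid | Where-Object { $_.Name -eq [string]$proc.ProcessId }
        $names = if ($group) { $group.Group | ForEach-Object { $_.Name } | Sort-Object } else { @() }
        New-Object PSObject -Property @{
            ProcessId    = $proc.ProcessId
            # Total working set; Task Manager's default column on Vista is the
            # private working set, so this figure will read somewhat higher.
            WorkingSetMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)
            # KernelModeTime/UserModeTime are cumulative, in 100 ns units.
            CpuSeconds   = [math]::Round(($proc.KernelModeTime + $proc.UserModeTime) / 1e7, 1)
            CommandLine  = $proc.CommandLine
            Services     = $names -join ', '
        }
    } | Sort-Object -Property WorkingSetMB -Descending

$report | Format-List ProcessId, WorkingSetMB, CpuSeconds, CommandLine, Services

# 3. Review, then optionally disable, the two services named in post #13.
$targets = 'TabletInputService', 'TrkWks'
$apply   = $false   # leave $false to only report; set $true to make the change
$backup  = Join-Path $env:USERPROFILE 'service-startmode-backup.csv'  # hypothetical path

$current = foreach ($name in $targets) {
    Get-WmiObject -Class Win32_Service -Filter "Name = '$name'" |
        Select-Object Name, DisplayName, StartMode, State, ProcessId
}
$current | Format-Table -AutoSize

if ($apply -and $current) {
    # Record the previous start modes so the change can be reverted later.
    $current | Export-Csv -Path $backup -NoTypeInformation
    foreach ($svc in $current) {
        # Changes the startup type only; a running service keeps running
        # until it is stopped or the machine is rebooted.
        Set-Service -Name $svc.Name -StartupType Disabled
    }
}
```

Compare the `Services` column of the largest row with the list in post #12 before and after the reboot to see whether the same host process is still the heavy one.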

#14 snemelk


Posted 19 June 2011 - 05:37 AM

Still with us Gjeesterphlunnie??..


#15 snemelk


Posted 01 July 2011 - 07:26 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.